Rockwell Automation T8094 8000 Series TMR System Safety Manual User Manual
Page 55
SAFETY MANUAL
D oc N umber T8094
I ssue 27 – June 2013
Page 34 of 103
3.7.1.1 SYSTEM Section Configuration
The High Density I/O SYSTEM section within the system.ini file allows the internal bus
activity, system watchdog and power failure signal and bypass timeouts to be adjusted.
These may be adjusted for test and development purposes.
Internal Bus Activity (IMBTO)
The default setting (500ms) for the internal bus activity timeout is appropriate for most
applications.
This timeout may be adjusted to a shorter period; the adjusted period
shall be shorter than the PST
E
less the overall system response time. This
setting SHALL NOT be set to zero for operational systems.
System Watchdog Timeout (WDOGTO)
As with the internal bus activity timeout, it is not normally necessary to adjust this
parameter.
This value shall not be adjusted for safety-related applications and
shall not be set to zero for operational systems.
Power Fail Timeout (PWRFAILTO)
The power fail signal timeout shall only be set to zero if the output module is
required to change to its configured fail-safe state, rather than off/de-energised
in the case of loss of communications with, or removal of the TMR Processor.
Bypass Timeout (BYPASSTO)
The Bypass Timeout period to temporarily bypass the other timeouts defined in the
system section during an Active/Standby changeover. Only in exceptional cases will it
be necessary to adjust this setting.
This setting shall not be adjusted for safety
related systems and shall not be set to zero for operational systems.
3.7.1.2 FORCE Section
This section allows the reported channel state to be forced directly on the associated
input or output module
. This feature is for testing by Rockwell Automation or an
approved systems integrator only, and SHALL NOT to be used in an operational
system.
3.7.1.3 SHUTDOWN Section
This section allows the user to configure individual shutdown states for each output
channel. The options include de-energise, energise and hold.
Safety related, de-
energise to trip outputs shall either be left to their default shutdown action
configuration (de-energise) or specifically configured to de-energise. Safety
related, energise to trip outputs should be configured for the energise option.
3.7.1.4 FLAGS Section
This section allows the user to configure the input or output type and the form of
monitoring supported for each channel.
For line monitored, safety-related outputs
the logical = TRUE setting shall not be used as this disables the line-monitoring
facility.
3.7.1.5 LED Section
This section allows the user to configure the indicators on the front of each High
Density I/O module. LED color and flash attributes can be specified for each possible
channel state (such as line fault conditions or voltage threshold ranges)
Safety
related I/O shall not use steady green to indicate abnormal channel conditions.